Beginner

Expressroute Direct and Macsec

Hi,

Anyone ever get MACsec towards Azure up and running? We have an IOS-XE switch, and followed the configuration guide for MACsec with PSK here: https://www.cisco.com/c/en/us/td/docs/iosxr/ncs5500/security/62x/b-system-security-cg-ncs5500-62x/b-system-security-cg-ncs5500-62x_chapter_0101.html#concept_gjz_ysl_vcb

The second we enable "macsec network-link" toward Azure, the line protocol goes down, and show mka summary says the link is in Init mode. Nothing happens after that, and we can see no packets from the other end with debugs. Problem is the Microsoft Azure guys have had a look, and everything looks good on their end. Ideas?

Cisco Employee

Re: Expressroute Direct and Macsec

I'm a bit of a novice at cloud connectivity, but who/how are you getting connectivity into Azure? Are you peering with them directly or via some third party like Megaport?

Regards,

Jason.


Beginner

Re: Expressroute Direct and Macsec

Microsoft offers a direct connection called ExpressRoute Direct, and on that type of connection you can get MACsec. Just not quite sure how to troubleshoot this when I don't have control of the other end. Can't see anything in the logs relating to a wrong PSK or anything like that. What else can I do on my end to troubleshoot?

Cisco Employee

Re: Expressroute Direct and Macsec

So with this you get a direct circuit to Azure like they physically give you a cable/handoff? So it's L1 all the way to their service?

Beginner

Re: Expressroute Direct and Macsec

Yup

Beginner

Re: Expressroute Direct and Macsec

Hey, 

Did anyone find any resolution with this?

Beginner

Re: Expressroute Direct and Macsec

Not yet, still an ongoing case with MS support. They seem to have found some issues on their end, but we're not rocking MACsec yet :( I'll update as soon as we get a cause.

Beginner

Re: Expressroute Direct and Macsec [SEC=UNOFFICIAL]

Well, I am trying to run MACsec to Azure ExpressRoute. The connection overview is Azure circuit ---> Nexus 9K ---> ASR1000 router. The Cisco ASR1000 router is running MACsec; however, it appears to be having an issue at the Init stage.

Beginner

Re: Expressroute Direct and Macsec [SEC=UNOFFICIAL]

So this is a WAN MACsec implementation then? Is that supported in MS with the 802.1Q header in the clear, or have I misunderstood your setup?
